In the Claims:



Please amend claims 1, 9, 10, 27, 37, 43, 47, 51, 62, 63 and 65-68, and please 
cancel claims 36, 44-46, 52 and 64, as indicated below. 

1. (Currently amended) A method for communicating in a distributed computing
environment, comprising: 

a client accessing an authentication service to obtain an authentication credential 
to use a first service; 

determining client capabilities for said client, wherein said client capabilities are 
capabilities of said first service that said client is permitted to use, wherein
said determining client capabilities comprises accessing an access policy
service to obtain a capability token indicating which capabilities of said
first service said client is permitted to access;

binding said client capabilities to said authentication credential; 

said client sending a first message to said first service, wherein said first message 
includes said authentication credential; 

said first service using said authentication service to authenticate said 
authentication credential received in said first message; and 

said first service responding to said first message if said authentication credential 
in said first message is determined to be authentic as from said client. 

2. (Original) The method as recited in claim 1, further comprising said client 
obtaining an address for said authentication service from an advertisement for said first 
service, wherein said accessing an authentication service comprises said client sending a 
message to said address for said authentication service requesting said authentication
credential to use said advertised first service. 

3. (Original) The method as recited in claim 2, wherein said advertisement for 
said first service includes a data representation language schema defining a message 
interface for accessing said first service. 

4. (Original) The method as recited in claim 3, wherein said first message 
corresponds to a message defined in said data representation language schema. 

5. (Original) The method as recited in claim 4, further comprising said client 
sending additional messages to said first service to use said first service, wherein said 
authentication credential is included with each one of said additional messages, and 
wherein each one of said additional messages is defined by said data representation 
language schema. 

6. (Original) The method as recited in claim 5, wherein said data representation 
language schema is an eXtensible Markup Language (XML) schema.

7. (Canceled) 

8. (Previously presented) The method as recited in claim 1, further comprising: 

said client sending a request message to said first service to access a capability of 
said first service, wherein said request message includes said 
authentication credential; 

said first service determining that the capability requested in said request message 
is within said client capabilities; and 

said first service fulfilling said request message only if the capability requested in
said request message is within said client capabilities. 

9. (Currently amended) The method as recited in claim 1, wherein said 
determining client capabilities comprises said client accessing an access policy service to 
obtain a capability token indicating which capabilities of said first service said client is 
permitted to access is performed by said client.

10. (Currently amended) The method as recited in claim [[9]] 1, wherein said 
authentication service and said access policy service are combined as a single service and 
wherein said capability token is included within said authentication credential. 

11. (Previously presented) The method as recited in claim 1, wherein said 
determining client capabilities is performed by said first service. 

12. (Original) The method as recited in claim 1, further comprising said client 
generating a message gate for accessing said first service, wherein said message gate 
sends request messages from said client to said first service to access said first service, 
and wherein said message gate includes said authentication credential in each message to 
said first service. 

13. (Original) The method as recited in claim 12, further comprising said client 
obtaining a service advertisement for said first service before accessing said first service, 
wherein said service advertisement comprises an address for said authentication service 
and an address for said first service. 

14. (Original) The method as recited in claim 13, wherein said service 
advertisement further comprises a data representation language schema defining a 
message interface for accessing said first service, wherein said message gate verifies that 
each message sent from said client to said first service complies with said data 
representation language schema. 

15. (Original) The method as recited in claim 1, wherein said authentication
service is a separately addressable service from said first service. 

16. (Original) The method as recited in claim 1, wherein said client accessing an 
authentication service to obtain an authentication credential to use a first service 
comprises said authentication service returning said authentication credential to said 
client only if said client is authorized to access said first service. 

17. (Original) A method for communication in a distributed computing 
environment, comprising: 

a client obtaining a service advertisement for a first service, wherein said service 
advertisement includes an address for an authentication service; 

said client sending a request message to said authentication service to obtain an 
authentication credential to use said first service; 

said client generating a message gate for accessing said first service, wherein said 
message gate embeds said authentication credential in every message from 
said client to said first service; and 

said client accessing said first service through said message gate. 

18. (Original) The method as recited in claim 17, wherein said service 
advertisement further comprises a data representation language schema defining a 
message interface for accessing said first service, the method further comprising said 
message gate verifying that every message sent from said client to said first service 
complies with said data representation language schema. 

19. (Original) The method as recited in claim 18, wherein said data
representation language schema is an eXtensible Markup Language (XML) schema and
said messages from said client to said first service are XML messages. 

20. (Original) The method as recited in claim 17, further comprising said first 
service using said authentication service to determine if said authentication credential 
received in a first message from said client is authentic. 

21. (Original) The method as recited in claim 20, further comprising, after 
authenticating said authentication credential received in said first message from said 
client, said first service determining which capabilities of said first service said client is 
authorized to use, wherein said first service responds to a request message from said 
client only if said request message is for an authorized capability for said client. 

22. (Original) The method as recited in claim 21, further comprising said first 
service binding a determination of which capabilities of said first service said client is 
authorized to use to said authentication credential so that said first service does not need 
to repeat said determining which capabilities of said first service said client is authorized 
to use. 

23. (Original) The method as recited in claim 20, further comprising said first 
service noting whether or not said authentication credential is authentic so that said first 
service does not need to repeat said using said authentication service to determine if said 
authentication credential received in a first message from said client is authentic. 

24. (Original) The method as recited in claim 17, wherein said service 
advertisement for said first service further includes an address for accessing said first 
service, wherein said authentication service and said first service are separate services 
within the distributed computing environment. 

25. (Original) The method as recited in claim 17, wherein said service
advertisement further includes a service identifier token for said first service, wherein 
said client sending a request message to said authentication service to obtain an 
authentication credential comprises sending said service identifier token and a client 
identifier token to said authentication service. 

26. (Original) The method as recited in claim 25, wherein said authentication 
service generates said authentication credential from said client identifier token and said 
service identifier token. 

27. (Currently amended) A client device configured to: 

access an authentication service to obtain an authentication credential to use a first 
service; 

determine client capabilities for said client device, wherein said client capabilities 
are capabilities of said first service that said client device is permitted to 
use; and 

bind said client capabilities to said authentication credential; 

generate a message gate for accessing said first service, wherein said message 
gate sends request messages from said client to said first service to access 
said first service, and wherein said message gate includes said 
authentication credential in each message to said first service; 

send a first message to said first service, wherein said first message includes said 
authentication credential, wherein said first service is configured to use 
said authentication service to authenticate said authentication credential 
received in said first message; and 

receive a response to said first message from said first service if said
authentication credential in said first message is determined to be 
authentic as from said client device. 

28. (Original) The client device as recited in claim 27, further configured to: 

obtain an address for said authentication service from an advertisement for said 
first service; 

wherein, in said accessing an authentication service, the client device is further 
configured to: 

send a message to said address for said authentication service requesting 
said authentication credential to use said advertised first service. 

29. (Original) The client device as recited in claim 28, wherein said 
advertisement for said first service includes a data representation language schema 
defining a message interface for accessing said first service, and wherein said first 
message corresponds to a message defined in said data representation language schema. 

30. (Original) The client device as recited in claim 29, further configured to send 
additional messages to said first service to use said first service, wherein said 
authentication credential is included with each one of said additional messages, and 
wherein each one of said additional messages is defined by said data representation 
language schema. 

31. (Original) The client device as recited in claim 29, wherein said data 
representation language schema is an eXtensible Markup Language (XML) schema.

32. (Canceled) 

33. (Previously presented) The client device as recited in claim 27, further
configured to: 

send a request message to said first service to access a capability of said first 
service, wherein said request message includes said authentication 
credential; 

wherein said first service is configured to fulfill said request message only if said 
first service determines that the capability requested in said request 
message is within said client capabilities. 

34. (Previously presented) The client device as recited in claim 27, wherein, in 
said determining client capabilities, the client device is further configured to access an 
access policy service to obtain a capability token indicating which capabilities of said 
first service said client is permitted to access. 

35. (Original) The client device as recited in claim 34, wherein said 
authentication service and said access policy service are combined as a single service, 
and wherein said capability token is included within said authentication credential. 

36. (Canceled) 

37. (Currently amended) The client device as recited in claim [[36]] 27, further 
configured to: 

obtain a service advertisement for said first service before accessing said first 
service, wherein said service advertisement comprises a data 
representation language schema defining a message interface for accessing 
said first service; 

wherein said message gate is configured to verify that each message sent from
said client device to said first service complies with said data 
representation language schema. 

38. (Original) The client device as recited in claim 27, wherein, in said accessing 
an authentication service to obtain an authentication credential to use a first service, the 
client device is further configured to receive from said authentication service said 
authentication credential only if said client device is authorized to access said first 
service. 

39. (Original) The client device as recited in claim 27, wherein said 
authentication service and said first service are configured to execute within a service 
device, and wherein said client device is further configured to couple to said service 
device via a network. 

40. (Original) The client device as recited in claim 27, wherein said client device 
is further configured to couple to a network via a wireless connection. 

41. (Original) The client device as recited in claim 27,

wherein said authentication service is configured to execute within an 
authentication server; 

wherein said first service is configured to execute within a service device; and 

wherein said client device, said service device, and said authentication server are 
separate devices comprised in a distributed computing environment. 

42. (Original) The client device as recited in claim 27, wherein said first service 
is configured to execute within said client device. 

43. (Currently amended) A service device configured to:

provide to a client an advertisement for said service device, wherein said
advertisement includes a data representation language schema defining a
message interface for accessing said service device;



receive from [[a]] said client a first message including an authentication 
credential, wherein said first message corresponds to a message defined in 
said data representation language schema, wherein said client accesses an 
authentication service to obtain said authentication credential to use said 
service device; 

use said authentication service to authenticate said authentication credential 
received in said first message; 

determine client capabilities for said client, wherein said client capabilities are 
capabilities of said service device that said client is permitted to use; 

bind said client capabilities to said authentication credential; [[and]] 

respond to said first message if said authentication credential in said first message 
is determined to be authentic as from said client; and

receive additional messages from said client to use said service device, wherein 
said authentication credential is included with each one of said additional 
messages, and wherein each one of said additional messages is defined by 
said data representation language schema.

44.-46. (Canceled) 

47. (Currently amended) The service device as recited in claim [[44]] 43,
wherein said data representation language schema is an eXtensible Markup Language
(XML) schema. 

48. (Canceled) 

49. (Original) The service device as recited in claim 43, further configured to: 

receive from said client a request message to access a capability of said service 
device, wherein said request message includes said authentication 
credential; 

determine that the capability requested in said request message is within said 
client capabilities; and 

fulfill said request message only if the capability requested in said request 
message is within said client capabilities. 

50. (Original) The service device as recited in claim 43, wherein said client is 
configured to execute within a client device, and wherein said service device and said 
client device are separate devices comprised in a distributed computing environment. 

51. (Currently amended) A distributed computing system, comprising: 
a client device; and 

a service device; 

wherein said client device is configured to: 

obtain an address for an authentication service from an advertisement for
said service device; 

access [[an]] said authentication service to obtain an authentication 
credential to use said service device, wherein to access said
authentication service, the client device is further configured to 
send a message to said address for said authentication service 
requesting said authentication credential to use said advertised 
service device; and

determine client capabilities for said client device, wherein said client 
capabilities are capabilities of said service device that said client 
device is permitted to use; and 

bind said client capabilities to said authentication credential; 

send a first message to said service device, wherein said first message 
includes said authentication credential; and 

wherein said service device is configured to: 

provide to said client device said advertisement for said service device, 
wherein said advertisement includes a data representation language 
schema defining a message interface for accessing said service 
device; 

use said authentication service to authenticate said authentication 
credential received in said first message; and 

respond to said first message if said authentication credential in said first 
message is determined to be authentic as from said client. 

52. (Canceled)



53. (Original) The system as recited in claim 52, wherein said advertisement for 
said service device includes a data representation language schema defining a message 
interface for accessing said service device, wherein said first message corresponds to a 
message defined in said data representation language schema. 

54. (Original) The system as recited in claim 53, wherein the client device is 
further configured to send additional messages to said service device to use said service 
device, wherein said authentication credential is included with each one of said additional 
messages, and wherein each one of said additional messages is defined by said data 
representation language schema. 

55. (Original) The system as recited in claim 53, wherein said data 
representation language schema is an eXtensible Markup Language (XML) schema.

56. (Original) The system as recited in claim 51, wherein said authentication 
service is configured to execute within said service device. 

57. (Original) The system as recited in claim 51, 

wherein said authentication service is configured to execute within an 
authentication server; and 

wherein said client device, said service device, and said authentication server are 
separate devices comprised in a distributed computing environment. 

58. (Original) A distributed computing system, comprising: 
a client device; 

a service device;

wherein said client device is configured to: 

obtain a service advertisement for said service device, wherein said 
service advertisement includes an address for an authentication 
service; 

send a request message to said authentication service to obtain an 
authentication credential to use said service device; 

generate a message gate for accessing said service device, wherein said 
message gate is configured to embed said authentication credential 
in every message from said client device to said service device; 
and 

access said service device through said message gate; 

59. (Original) The system as recited in claim 58,

wherein said service advertisement further comprises a data representation 
language schema defining a message interface for accessing said service 
device; and 

wherein said message gate is further configured to verify that every message sent 
from said client device to said service device complies with said data 
representation language schema. 



09/653,227 (5181-64800/P4979) 15 Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. 



60. (Original) The system as recited in claim 59, wherein said data 
representation language schema is an eXtensible Markup Language (XML) schema and
said messages from said client device to said service device are XML messages. 

61. (Original) The system as recited in claim 58, wherein said service device is 
configured to: 

use said authentication service to determine if said authentication credential 
received in a first message from said client device is authentic; 

determine which capabilities of said service device said client device is authorized 
to use; and 

respond to said first message from said client device only if said first message is 
for an authorized capability for said client device. 

62. (Currently amended) A computer-readable, storage medium comprising 
program instructions, wherein the program instructions are computer-executable to 
implement: 

providing to a client an advertisement for a service, wherein said advertisement 
includes a data representation language schema defining a message 
interface for accessing said service, wherein said [[a]] client 
accesses[[ing]] an authentication service to obtain an authentication 
credential to use a first said service; 

determining client capabilities for said client, wherein said client capabilities are 
capabilities of said [[first]] service that said client is permitted to use; 

binding said client capabilities to said authentication credential; 

receiving from said client sending a first message to said [[first]] service, wherein
said first message corresponds to a message defined in said data 
representation language schema, wherein said first message includes said 
authentication credential; 

[[said first service]] using said authentication service to authenticate said
authentication credential received in said first message; [[and]] 

said first service responding to said first message if said authentication credential 
in said first message is determined to be authentic as from said client; and

receive additional messages from said client to use said service, wherein said 
authentication credential is included with each one of said additional 
messages, and wherein each one of said additional messages is defined by 
said data representation language schema.

63. (Currently amended) The computer-readable, storage medium as recited in 
claim 62, wherein said advertisement further includes the program instructions are further 
computer executable to implement: 

said client obtaining an address for said authentication service from an 
advertisement for said first service; 

wherein, in said accessing an authentication service, the program instructions are
further computer executable to implement: 

said client sending a message to said address for said authentication 
service requesting said authentication credential to use said 
advertised first service.

64. (Canceled) 

65. (Currently amended) The computer-readable, storage medium as recited in
claim [[64]] 62, wherein said data representation language schema is an eXtensible
Markup Language (XML) schema. 

66. (Currently amended) The computer-readable, storage medium as recited in 
claim 62, wherein the program instructions are further computer-executable to 
implement: 

said client sending a request message to said first service to access a capability of 
[[said first service, wherein said request message includes said]]
authentication credential; 

said first service determining that [[the]] a capability requested in said request one 
of the messages received from said client is within said client capabilities;
and 

said first service fulfilling said request one of the messages only if the capability 
requested in said request message is within said client capabilities. 

67. (Currently amended) The computer-readable, storage medium as recited in 
claim 62, wherein the program instructions are further computer-executable to 
implement: 

receiving said additional messages from said client generating a message gate of 
the client for accessing said first service; 

said message gate sending request messages from said client to said first service 
to access said first service, wherein said message gate includes said 
authentication credential in each message to said first service.

68. (Currently amended) The computer-readable, storage medium as recited in
claim 67, wherein the program instructions [[are]] further computer executable to
implement: 

said message gate verifying verifies that each message sent from said client to 
said first service complies with [[a]] said data representation language 
schema, wherein said data representation language schema defines a
message interface for accessing said first service 

69. (Previously presented) A computer-readable, storage medium comprising 
program instructions, wherein the program instructions are computer-executable to 
implement: 

a client obtaining a service advertisement for a first service, wherein said service 
advertisement includes an address for an authentication service; 

said client sending a request message to said authentication service to obtain an 
authentication credential to use said first service; 

said client generating a message gate for accessing said first service, wherein said 
message gate embeds said authentication credential in every message from 
said client to said first service; and 

said client accessing said first service through said message gate. 

70. (Previously presented) The computer-readable, storage medium as recited in 
claim 69, wherein said service advertisement further comprises a data representation 
language schema defining a message interface for accessing said first service, and 
wherein the program instructions are further computer-executable to implement: 

said message gate verifying that every message sent from said client to said first
service complies with said data representation language schema. 

71. (Previously presented) The computer-readable, storage medium as recited in 
claim 70, wherein said data representation language schema is an eXtensible Markup
Language (XML) schema and said messages from said client to said first service are 
XML messages. 

72. (Previously presented) The computer-readable, storage medium as recited in 
claim 69, wherein the program instructions are further computer-executable to 
implement: 

said first service using said authentication service to determine if said 
authentication credential received in a first message from said client is 
authentic; 

said first service determining which capabilities of said first service said client is 
authorized to use; and 

said first service responding to said first message from said client only if said first 
message is for an authorized capability for said client. 